author | Darren Tucker <dtucker@cvs.openbsd.org> | 2015-05-26 23:23:41 +0000 |
---|---|---|
committer | Darren Tucker <dtucker@cvs.openbsd.org> | 2015-05-26 23:23:41 +0000 |
commit | 83e03b7dc02fad4fc7730156fb42ba09821d1289 (patch) | |
tree | e537032a7ea84dfe9a76b8d61452f29bcd3bb014 | |
parent | ed8e1ab5bd157f9afad0bde0706eaf216f30c7ff (diff) |
Cap DH-GEX group size at 4kbits for Cisco implementations. Some of them
will choke when asked for preferred sizes >4k instead of returning the 4k
group that they do have. bz#2209, ok djm@
-rw-r--r-- | usr.bin/ssh/compat.c | 3 | ||||
-rw-r--r-- | usr.bin/ssh/compat.h | 3 | ||||
-rw-r--r-- | usr.bin/ssh/kexgexc.c | 5 |
3 files changed, 8 insertions, 3 deletions
diff --git a/usr.bin/ssh/compat.c b/usr.bin/ssh/compat.c
index 2475eafc925..23dacf2df95 100644
--- a/usr.bin/ssh/compat.c
+++ b/usr.bin/ssh/compat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.c,v 1.93 2015/05/06 04:07:18 dtucker Exp $ */
+/* $OpenBSD: compat.c,v 1.94 2015/05/26 23:23:40 dtucker Exp $ */
 /*
  * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
  *
@@ -150,6 +150,7 @@ compat_datafellows(const char *version)
         "1.2.22*", SSH_BUG_IGNOREMSG },
         { "1.3.2*", /* F-Secure */
         SSH_BUG_IGNOREMSG },
+        { "Cisco-1.*", SSH_BUG_DHGEX_LARGE },
         { "*SSH Compatible Server*", /* Netscreen */
         SSH_BUG_PASSWORDPAD },
         { "*OSU_0*,"
diff --git a/usr.bin/ssh/compat.h b/usr.bin/ssh/compat.h
index 83507f07035..2be290a8a8f 100644
--- a/usr.bin/ssh/compat.h
+++ b/usr.bin/ssh/compat.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.h,v 1.47 2015/04/10 05:16:50 dtucker Exp $ */
+/* $OpenBSD: compat.h,v 1.48 2015/05/26 23:23:40 dtucker Exp $ */
 /*
  * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved.
@@ -61,6 +61,7 @@
 #define SSH_BUG_DYNAMIC_RPORT 0x08000000
 #define SSH_BUG_CURVE25519PAD 0x10000000
 #define SSH_BUG_HOSTKEYS 0x20000000
+#define SSH_BUG_DHGEX_LARGE 0x40000000
 
 void enable_compat13(void);
 void enable_compat20(void);
diff --git a/usr.bin/ssh/kexgexc.c b/usr.bin/ssh/kexgexc.c
index 8c5d631a0ab..74ede3ab771 100644
--- a/usr.bin/ssh/kexgexc.c
+++ b/usr.bin/ssh/kexgexc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexc.c,v 1.21 2015/04/13 02:04:08 djm Exp $ */
+/* $OpenBSD: kexgexc.c,v 1.22 2015/05/26 23:23:40 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos. All rights reserved.
  * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -24,6 +24,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+#include <sys/param.h>
 #include <sys/types.h>
 
 #include <openssl/dh.h>
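Review bot: In the compat.h hunk, `#define SSH_BUG_DHGEX_LARGE 0x40000000` claims the second-highest bit of a 32-bit flag word and leaves only `0x80000000`; if the variable that holds these flags (`datafellows`, defined outside this hunk) is a signed int, that remaining bit is the sign bit and cannot be used as casually as the others. A one-line comment on the new define would make that visible to whoever adds the next quirk, e.g. `/* 0x80000000 is the last free bit; check the width and signedness of the flags variable before using it */`. The compat.c hunk on the same line only adds a banner-pattern table entry in the form every other entry already uses, so there is nothing further to raise there.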
@@ -60,6 +61,8 @@ kexgex_client(struct ssh *ssh)
     kex->min = DH_GRP_MIN;
     kex->max = DH_GRP_MAX;
     kex->nbits = nbits;
+    if (datafellows & SSH_BUG_DHGEX_LARGE)
+        kex->nbits = MIN(kex->nbits, 4096);
     /* New GEX request */
     if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST)) != 0 ||
         (r = sshpkt_put_u32(ssh, kex->min)) != 0 || |
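Review bot: The 4096 in `kex->nbits = MIN(kex->nbits, 4096);` is a bare magic number sitting between lines that already use the named bounds `DH_GRP_MIN` and `DH_GRP_MAX`, and nothing at the site explains why the client is lowering the size it asks for. I would give the limit a name alongside those existing bounds (a new constant in the same header, not one that exists today) and put the reason above the check, `/* bz#2209: some Cisco servers fail on a preferred size > 4096 instead of answering with the 4096-bit group they do have */`. It is also worth stating in that comment that only the preferred size is capped: `kex->max` is still `DH_GRP_MAX`, so a server that does support larger groups is presumably still free to return one, which reads as intended but is easy to mistake for an oversight. The quirk is selected from the peer's version banner via `datafellows`, which is set outside this hunk; because the request stays bounded by `DH_GRP_MIN` and `DH_GRP_MAX`, a mis-matched banner changes only the preferred size, not the accepted range. kexgex_client's body continues outside the hunk.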